CA Server and GET VPN Key Server

egouveia
Level 1

Hi,

 

Can I have an IOS CA Server and a GET VPN Key Server working in the same ISR G2?

 

Thanks

 

Emanuel


Marcin Latosiewicz
Cisco Employee

Emanuel, 

 

GETVPN DIG is the place to go.

http://www.cisco.com/c/dam/en/us/products/collateral/security/group-encrypted-transport-vpn/GETVPN_DIG_version_1_0_External.pdf

 

Quote 

It is also possible to deploy IOS CA and KS on the same device for small-scale GET VPN deployments.

 

M.

 

Hi Marcin,

Thanks for your help.

What is small-scale in this case?

My customer has 132 remote sites, he also intends to deploy 2 routers in each remote site, and he has 2 data centers.

Does this case count as small-scale?

Thanks in advance

Emanuel

Emanuel, 

 

No, I would not necessarily call this a small-scale deployment, although we do scale above 4000 GMs.

Please note that, at least as far as I am aware, there is no strict definition that a setup like this would not be supported for larger-scale deployment. You may want to shoot your SE an email so they can discuss with the business unit if they limit supportability of such a setup somewhere.

Technically speaking, what you need to take into consideration:

- CPU utilization during registration (can be offloaded by using external CDP URL). 

- Type of rekey. 

- Amount of GM re-registrations. (i.e. stability of environment). 

- KS COOP or not. 

- KS platform of choice. 

 

What you want to make sure is that PKI functions will not affect KS functions. (For example, during multiple spokes registering and performing CRL checks.)

And make sure that the KS is not a single point of failure for the entire domain - that means storing PKI data of the router.

M.